Ansible

• Links

• https://docs.ansible.com/ansible/playbooks_best_practices.html
• https://docs.ansible.com/ansible/faq.html
• https://docs.ansible.com/
• https://docs.ansible.com/ansible/modules_by_category.html
• http://ryaneschinger.com/blog/securing-a-server-with-ansible/
• http://blog.toast38coza.me/custom-ansible-module-hello-world/

• Befehl ausführen

• https://docs.ansible.com/ansible/intro_adhoc.html

  ansible production -m command -a uptime
  ansible testserver -m fetch -a 'src=filepath dest=filename flat=yes'
  

• Debugging

• ansible bruce.home -m debug -a "msg=test"
  

• Displaying Ansible Facts

• - name: Play to get the gathre facts content
    hosts: DEV1
    tasks:
    - name: print ansible_facts
      debug:
       var: ansible_facts["kernal"]
  

• Playbook

• Playbook nur auf einem Host ausfuehren:

• ansible-playbook -l hosts playbook.yml
  ansible-playbook --limit hosts playbook.yml
  ansible-playbook --syntax-check playbook.yml
  

• Roles

• https://stackoverflow.com/questions/22649333/ansible-notify-handlers-in-another-role
• nginx: https://github.com/jdauphant/ansible-role-nginx/blob/master/tasks/configuration.yml

• Use su

•   become: yes
    become_user: username
    #su: yes
    #su_user: username
  

• Vault Secrets

• https://docs.ansible.com/ansible/playbooks_vault.html#decrypting-encrypted-files

• ansible-vault encrypt secrets.yaml
  ansible-vault decrypt secrets.yaml
  EDITOR=vim ansible-vault edit secrets.yml
  ansible-playbook playbook.yaml --ask-vault-password
  ansible-playbook playbook.yaml --ask-password-file FILES
  

• Read password from a file or script:

• ansible-playbook --vault-password-file /path/to/my/vault-password-file site.yml
  ansible-playbook --vault-password-file my-vault-password-client.py
  

• - name: Load Secrets
    include_vars:
      file: secrets.yaml
      name: secrets
  

• Lokal ausführen

• ansible-playbook -i "localhost," -c local workstation.yml
  

• User sudo with a password

• ansible-playbook site.yml --ask-sudo-pass
  

• Loops

• https://docs.ansible.com/ansible/playbooks_loops.html

• Playbook Examples

• Variablen

• https://docs.ansible.com/ansible/playbooks_variables.html

• - debug:
    args:
      msg: 'System {{ ansible_distribution_release }}'
  

• ansible host -m setup
  

• Debug Messages:

• name: Ansible check directory exists
  stat:
    path: /etc/pihole
  register: folderstat
  debug:
    msg: "{{ folderstat }}"
  

• Conditionals:

• set_fact: test=false
  when: folderstat.stat.exists == false
  

• Commandline

• ansible group -m ping
  ansible group -m command -a "sudo touch /tmp/ansible.txt" --ask-sudo-pass
  

• Variables

• Add variables from another file:

• - name: Include vm variables
    include_vars:
      file: vars/vms.yml
      name: vms
  

• Rename variable:

  set_fact:
    vm: "{{ vms.all.hosts[fqdn] }}"
  

• Docker

• https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html

• - name: Create a data container
    community.docker.docker_container:
      name: mydata
      image: busybox
      volumes:
        - /data